]> Dyn, Inc.

150 Dow St Manchester NH 03101 U.S.A. asullivan@dyn.com

IETF Domain Name System Resource Records are identified in part by their class. The class field is not effective, and it is not used the way it appears to have been intended. This memo makes no recommendation about the DNS parameters registry, but urges those defining new RRTYPEs to define them for all classes.

The Domain Name System (DNS) includes two types of division: one by class, and one by "cuts". As says, The database for any class is organized, delegated, and maintained separately from all other classes. Since, by convention, the name spaces are the same for all classes, the separate classes can be thought of as an array of parallel namespace trees. Note that the data attached to nodes will be different for these different parallel classes. The most common reasons for creating a new class are the necessity for a new data format for existing types or a desire for a separately managed version of the existing name space. As of this writing, there are only three "ordinary" classes assigned. Class 1 is the Internet or IN class. Class 3 is the Chaos or CH class. Class 4 is the Hesiod or HS class. Class 2 is noted in as the CSNET or CS class, but the current registry (at ) no longer includes the assignment. There are two other assigned classes; these have special purposes. Class 255, ANY or *, matches any class . Class 254, NONE, is used in to specify certain kinds of operations on RRsets. Of the ordinary classes, only IN is found in common use on the Internet. Class CH is now sometimes used to carry certain kinds of name server metadata. It seems new classes might have been useful for a number of features that have been delivered in some other way. Yet classes have not been used, which might suggest that classes are less useful than they otherwise appear to be. Nevertheless, from time to time someone comes up with a suggestion for why a new class would solve some problem or other. The purpose of this memo is to offer some considerations for those contemplating such innovation.

There are three problems with classes that mean they cannot work as hoped. First, the class field is in the wrong part of the DNS message to be useful as a selector. Second, specification of resource record types has not always attended to the handling of types across classes, which means that new classes are likely to be, at best, of uncertain utility. Apart from those technical problems, there is an administrative problem. The Internet name space starts from a common root, which means that any resolver needs to start from the same bootstrap mechanism no matter what classes it uses. But in order for that to work, the new class would need to be delegated from the root name servers.

As noted in , classes are intended to divide the DNS into separate trees. Unfortunately, however, the class field does not appear in a convenient location in a DNS resource record (RR) to be effective for that purpose. DNS resource records provide the owner name before the class. As a practical matter, then, the namespace is primary. The issues is made plain by considering the matching algorithm for name servers, described in section 4.3.2. Suppose there are two (imaginary) classes, EG and IE. Imagine, further, that the same name has different RDATA in each class: example.com EG CNAME example.net example.com IE CNAME example.org In principle, the above should work because, as noted in , each class is supposed to be "delegated separately". Therefore, when the name server for example.com in class EG receives the query for example.com, it already knows which class database to search; similarly for example.com in class IE. Yet while the class delegations are defined to be separate, there is of course no way to ensure that the NS record RDATA for example.com in class IE, and the NS record RDATA for example.com in class EG, are always different. Indeed, if the different classes of name space are truly managed separately, but the name space is by convention parallel, it would not be surprising that some name server ended up authoritative for the same name in different classes. (In , section 3.6.1, there is an ambiguous example that appears to contain two classes from the same master file and for the same name.) Therefore, the name server for example.com in every class needs to be able to identify the class for the QNAME before beginning to follow the resolution algorithm. But given the DNS message format, the name server cannot find the class until it knows the name. In effect, a multi-class name server needs to look at the QCLASS in the query it gets, and then select the class in question, before it starts trying to match name by name. Once one describes the resolution pattern this way, it seems obvious that a class needs to be selected in order to resolve a QNAME. But in that case, it is rather inconvenient that the class field does not come first in a resource record; and it is not too surprising that, given that the IN class is so widely used and others so rarely, some naive implementations simply assume IN for every resource record. That assumption, of course, makes the class division in the DNS again less useful.

Some RRTYPEs are defined in a class-dependent way. For instance, the A record (type 1) is defined in to be for class IN only. Perhaps unfortunately, the IANA registry for RRTYPEs (at ) does not include an indicator for the class in which the RRTYPE is defined. In addition, not every RRTYPE specification is clear about its definition under various classes. For instance, the specification of type 55, HIP, appears not to state the class(es) for which it is defined . The specification of LOC, type 29 (in ), says that the type is defined for classes other than IN, but also says, "The semantics of such use are not defined by this memo." One might argue that this issue is resolved by , because it specifies that an unknown class and type combination is to be handled as unknown. Formally, of course, that means that every type can be handled regardless of class. But it would appear to reduce the utility of classes yet further, by increasing the probability that every RR in every class except IN will be treated as unknown.

The Internet's DNS system is part of the common name space of the Internet, and that common name space starts from a common root (see for the arguments about why this must be true). In order to provide for the resolution of a new class, the root name servers would need to respond to resolution requests for that class and provide the delegation data. Current policies about domain name delegation in the root zone appear to apply to the IN class, and it is not clear where responsibility would lie for the policies about a new class. At the very least, a new policy of this sort would need to be worked out.

Given the considerations above, it is plain that DNS classes are unlikely to be useful in the future. Designers of new name systems should consider the design of classes in the DNS. If a similar feature is desirable, its design needs to be different in order to be useful. Given the the way the DNS has managed to thrive effectively without classes, however, it would be worth asking whether the feature is useful at all.

When defining a new RRTYPE, it is best to ensure that there is a clear definition of the class for which the RRTYPE is defined. In the absence of strong reasons to do otherwise, new types should be defined for all classes.

This Internet-Draft is discussed on the IAB Internet Names and Identifiers Program public list: inip-discuss@iab.org.

Initial version